Creating an Issuer

Use the POST /v1/cckm/GoogleWorkspaceCSE/issuers API to create an issuer (a third-party identity provider). This API adds a valid issuer whose authentication JWTs are accepted when validating calls to the wrap and unwrap APIs.

When creating the issuer, specify:

  • Name for the issuer.

  • Any of the following combinations:

    • issuer and jwksURL

    • issuer: Fetches openidConfigurationURL and jwksURL automatically.

    • openidConfigurationURL: Fetches the issuer and jwksURL automatically.

Syntax

curl -k '<IP>/api/v1/cckm/GoogleWorkspaceCSE/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "name": "<issuer-name>",\n  "iss": "<issuer-string-idp-jwt>"\n}' --compressed

Request Parameters

| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| name | string | Name for the issuer. |
| dryRun | boolean | Whether to skip persisting the issuer. Set to true to skip persisting the issuer. All the validation checks, auto-discovery, and connectivity checks are still performed, and the server returns the same status codes and response. Use dryRun to test creating the issuer without modifying the server state. Default value is false. |
| iss | string | Issuer string from the identity provider JWT, for example, https://abc.auth0.com/. |
| openidConfigurationURL | string | Identity provider configuration URL, for example, https://abc.auth.com/.well-known/openid-configuration. |
| jwksURL | string | URL of JWKS, for example, https://abc.auth0.com/.well-known/jwks.json. |
| meta | JSON | Additional information about the issuer. |

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/issuers' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "name": "demo_iss",\n  "iss": "https://abc.auth0.com/"\n}' --compressed

Example Response

{
    "id": "1fa6fd5a-01be-4b24-905f-21cba61c28a2",
    "uri": "kylo:kylo:cckm:kacls-endpoint:demo",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2020-10-15T13:19:39.991892753Z",
    "name": "demo_iss",
    "updatedAt": "2020-10-15T13:19:39.990470809Z",
    "iss": "https://abc.auth0.com/",
    "openidConfigurationURL": "https://abc.auth0.com/.well-known/openid-configuration",
    "jwksURL": "https://abc.auth0.com/.well-known/jwks.json",
    "meta": null
}

The output shows the issuer ID "1fa6fd5a-01be-4b24-905f-21cba61c28a2". Each issuer has a unique ID. This ID is needed when viewing or deleting an issuer. The ID is also required when creating an endpoint.
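The following Python sketch is an added example, not part of the product documentation: it builds a request body that uses only the three identifier combinations listed above, then reviews the URLs returned by a dryRun call before the issuer is persisted. The function names are hypothetical, and it assumes dryRun is sent in the JSON body with the other parameters; the host comparison is a review aid, since some identity providers legitimately serve their JWKS from a different host.

```python
from urllib.parse import urlsplit

# The three identifier combinations the page accepts.
ALLOWED = ({"iss", "jwksURL"}, {"iss"}, {"openidConfigurationURL"})
FETCHED = ("openidConfigurationURL", "jwksURL")  # URLs the server will contact


def build_issuer_body(name, dry_run=True, **ids):
    """Build the JSON body for POST /v1/cckm/GoogleWorkspaceCSE/issuers."""
    given = {k for k, v in ids.items() if v}
    if not name:
        raise ValueError("name is required")
    if given not in ALLOWED:
        raise ValueError(f"unsupported combination: {sorted(given)}")
    for field in given.intersection(FETCHED):
        if urlsplit(ids[field]).scheme != "https":
            raise ValueError(f"{field} must use https")
    # Assumption: dryRun travels in the body with the other parameters.
    return {"name": name, "dryRun": dry_run, **{k: ids[k] for k in sorted(given)}}


def review_discovery(response):
    """Return findings about the URLs in a (dry-run) create-issuer response."""
    findings = []
    iss_host = urlsplit(response.get("iss") or "").hostname
    for field in FETCHED:
        parts = urlsplit(response.get(field) or "")
        if parts.scheme != "https":
            findings.append(f"{field}: missing or not https")
        elif parts.hostname != iss_host:
            # Not necessarily wrong, but the signing keys come from another host.
            findings.append(f"{field}: host {parts.hostname} differs from iss host {iss_host}")
    return findings


# URL fields copied from the page's example response.
PAGE_RESPONSE = {
    "iss": "https://abc.auth0.com/",
    "openidConfigurationURL": "https://abc.auth0.com/.well-known/openid-configuration",
    "jwksURL": "https://abc.auth0.com/.well-known/jwks.json",
}
# Constructed response: JWKS served over plain HTTP from a different host.
CONSTRUCTED_BAD = dict(PAGE_RESPONSE, jwksURL="http://keys.example.net/jwks.json")

if __name__ == "__main__":
    print(build_issuer_body("demo_iss", iss="https://abc.auth0.com/"))
    print(review_discovery(PAGE_RESPONSE))
    print(review_discovery(CONSTRUCTED_BAD))
```

Serialize the returned dictionary with json.dumps and send it as the request body; once the dryRun response reviews clean, repeat the call with dry_run=False.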

Response Codes

| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |

Refer to HTTP status codes for details.